Yes, it sounds like caching. But it's not my browser: even if someone hits
the page from a totally different computer or another browser, I get the
same results: whatever was served first from that file is stuck, and nobody
ever gets any different result. (If the first browser was not logged in to
the app, then the value is "${password}" for everyone.) Yes, I tested my
cache as you say.
We've now tested with Tomcat as well, so it's not caching in the app
server. We've also done Linux vs Windows servers, and with and without
Apache in the middle, running from Eclipse and from scripted startup. I'm
fairly sure I'm taking advantage of something in Wicket inadvertently; I've
moved this stuff around into the session and a base page and the page
constructor, and with and without any of the "final" keywords that I had at
the beginning, all to no avail.
My latest guess is that one of my shortcut methods that call a static method
(eg. Session.get()) is getting the same one every time (though that's a
stretch because all other pages show dynamics data correctly.) It's just
the .js file that's always gives the same result, no matter who hits it and
no matter where they're from.
BTW, the URL of the .js resource is this:
.../resources/com.max.backoffice.page.BasePage/sensitive.js
I must have changed something, because I swear it worked a month ago. Erg.
I'll try any wild ideas. Thanks!
Trent
PS: Yes, you're absolutely right about the password security! It hurts me
to even show this as my example.
On Thu, Jan 15, 2009 at 5:13 PM, Igor Vaynberg <igor.vaynb...@gmail.com>wrote:
> sounds like your browser is caching it.
>
> try this:
>
> hit the page
> check the value
> empty browser cache
> refresh the page
> see if the value changed...
>
>
> other then that i hope you know that storing a password in cleartext
> inside a js file might not be the best idea :)
>
> -igor
>
> On Thu, Jan 15, 2009 at 4:02 PM, Trent Larson <larsontr...@gmail.com>
> wrote:
> > Some time ago, I wrote the following code to generate a javascript
> resource
> > with values that are unique to each user. I would have sworn that it
> > worked, and that it would return a different value depending on which
> user
> > was logged in. However, I've just found that it is now always returning
> the
> > same value, whichever value was first retrieved. Any ideas?
> >
> > Here's the javascript file (named "sensitive.js"):
> >
> > function getInfoTraxPassword() {
> > return "${password}";
> > }
> >
> >
> >
> > Here is the Java code:
> >
> > HashMap<String,Object> vars = new HashMap<String,Object>();
> > vars.put("password", currentUser.getPassword());
> > TextTemplateResourceReference ref =
> > new TextTemplateResourceReference(
> > BasePage.class,
> > "sensitive.js",
> > "text/javascript",
> > new Model(vars)){
> > @Override
> > public Time lastModifiedTime() { return Time.now(); }
> > };
> > add(new JavaScriptReference("sensitiveJavascript", ref));
> >
> >
> > I'm including it in the HTML HEAD this way:
> >
> > <script wicket:id="sensitiveJavascript"></script>
> >
> >
> > I'm currently running the Java code inside the Page class, and with my
> > debugger I see it getting the right value as it steps through the code.
> Ask
> > me anything else, I dare you! I swear I've been through every
> combination
> > of logic, but once I hit that javascript file the first time, I can never
> > get any other value for the ${password}. I'm currently using Jetty for
> the
> > app server, with nothing (like Apache) in between.
> >
> > Any brainstorms are welcome. Thanks!
> > Trent
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
